$val){ $offset = 0; $found = false; foreach ($temp_array as $tmp_key => $tmp_val) { if (!$found and strtolower($val[$subkey]) > strtolower($tmp_val[$subkey])) { $temp_array = array_merge((array)array_slice($temp_array,0,$offset), array($key => $val), array_slice($temp_array,$offset)); $found = true; }; $offset++; }; if (!$found) $temp_array = array_merge($temp_array, array($key => $val)); }; if ($sort_ascending) { $array = array_reverse($temp_array); } else $array = $temp_array; /* below is the complement for empty array test */ return true; }; // Called by Ajax to update the "snort-alert-entries" table element's contents if (isset($_GET['getNewAlerts'])) { $response = ""; $s_alerts = snort_widget_get_alerts(); $counter = 0; foreach ($s_alerts as $a) { $response .= $a['instanceid'] . " " . $a['dateonly'] . "||" . $a['timeonly'] . "||" . $a['src'] . "||"; $response .= $a['dst'] . "||" . $a['msg'] . "\n"; $counter++; if($counter >= $snort_nentries) break; } echo $response; return; } // See if saving new display line count value if(isset($_POST['widget_snort_display_lines'])) { if($_POST['widget_snort_display_lines'] == "") { unset($config['widgets']['widget_snort_display_lines']); } else { $config['widgets']['widget_snort_display_lines'] = max(intval($_POST['widget_snort_display_lines']), 1); } write_config("Saved Snort Alerts Widget Displayed Lines Parameter via Dashboard"); header("Location: ../../index.php"); } // Read "$snort_nentries" worth of alerts from the top of the alert.log file // of each configured interface, and then return the most recent '$snort_entries' // alerts in a sorted array (most recent alert first). function snort_widget_get_alerts() { global $config, $a_instance, $snort_nentries; $snort_alerts = array(); /* read log file(s) */ $counter=0; foreach ($a_instance as $instanceid => $instance) { $snort_uuid = $a_instance[$instanceid]['uuid']; $if_real = get_real_interface($a_instance[$instanceid]['interface']); /* make sure alert file exists, then "tail" the last '$snort_nentries' from it */ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { exec("tail -{$snort_nentries} -r /var/log/snort/snort_{$if_real}{$snort_uuid}/alert > /tmp/alert_snort{$snort_uuid}"); if (file_exists("/tmp/alert_snort{$snort_uuid}")) { /* 0 1 2 3 4 5 6 7 8 9 10 11 12 */ /* File format: timestamp,generator_id,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority */ if (!$fd = fopen("/tmp/alert_snort{$snort_uuid}", "r")) { log_error(gettext("[Snort Widget] Failed to open file /tmp/alert_snort{$snort_uuid}")); continue; } while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) { if(count($fields) < 13) continue; // Get the Snort interface this alert was received from $snort_alerts[$counter]['instanceid'] = strtoupper($a_instance[$instanceid]['interface']); // "fields[0]" is the complete timestamp in ASCII form. Convert // to a UNIX timestamp so we can use it for various date and // time formatting. Also extract the MM/DD/YY component and // reverse its order to YY/MM/DD for proper sorting. $fields[0] = trim($fields[0]); // remove trailing space before comma delimiter $tstamp = strtotime(str_replace("-", " ", $fields[0])); // remove "-" between date and time components $tmp = substr($fields[0],6,2) . '/' . substr($fields[0],0,2) . '/' . substr($fields[0],3,2); $snort_alerts[$counter]['timestamp'] = str_replace(substr($fields[0],0,8),$tmp,$fields[0]); $snort_alerts[$counter]['timeonly'] = date("H:i:s", $tstamp); $snort_alerts[$counter]['dateonly'] = date("M d", $tstamp); // Add square brackets around any any IPv6 address if (strpos($fields[6], ":") === FALSE) $snort_alerts[$counter]['src'] = trim($fields[6]); else $snort_alerts[$counter]['src'] = "[" . trim($fields[6]) . "]"; // Add the SRC PORT if not null if (!empty($fields[7])) $snort_alerts[$counter]['src'] .= ":" . trim($fields[7]); // Add square brackets around any any IPv6 address if (strpos($fields[8], ":") === FALSE) $snort_alerts[$counter]['dst'] = trim($fields[8]); else $snort_alerts[$counter]['dst'] = "[" . trim($fields[8]) . "]"; // Add the DST PORT if not null if (!empty($fields[9])) $snort_alerts[$counter]['dst'] .= ":" . trim($fields[9]); $snort_alerts[$counter]['msg'] = trim($fields[4]); $counter++; }; fclose($fd); @unlink("/tmp/alert_snort{$snort_uuid}"); }; }; }; /* sort the alerts array */ if (isset($config['syslog']['reverse'])) { sksort($snort_alerts, 'timestamp', false); } else { sksort($snort_alerts, 'timestamp', true); }; return $snort_alerts; } ?> "); $counter++; if($counter >= $snort_nentries) break; } } ?>


" . $alert['instanceid'] . " " . $alert['dateonly'] . " " . $alert['timeonly'] . "	" . $alert['src'] . " " . $alert['dst'] . "	" . $alert['msg'] . "